akkoma/lib/pleroma/signature.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Signature do
  @behaviour HTTPSignatures.Adapter

  alias Pleroma.User
  alias Pleroma.User.SigningKey
  require Logger

  def key_id_to_actor_id(key_id) do
    case SigningKey.key_id_to_ap_id(key_id) do
      nil ->
        # hm, we SHOULD have gotten this in the pipeline before we hit here!
        Logger.error("Could not figure out who owns the key #{key_id}")
        {:error, :key_owner_not_found}

      key ->
        {:ok, key}
    end
  end

  def fetch_public_key(conn) do
    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
         {:ok, %SigningKey{}} <- SigningKey.get_or_fetch_by_key_id(kid),
         {:ok, actor_id} <- key_id_to_actor_id(kid),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      {:ok, public_key}
    else
      e ->
        {:error, e}
    end
  end

  def refetch_public_key(conn) do
    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
         {:ok, %SigningKey{}} <- SigningKey.get_or_fetch_by_key_id(kid),
         {:ok, actor_id} <- key_id_to_actor_id(kid),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      {:ok, public_key}
    else
      e ->
        {:error, e}
    end
  end

  def sign(%User{} = user, headers) do
    with {:ok, private_key} <- SigningKey.private_key(user) do
      HTTPSignatures.sign(private_key, SigningKey.local_key_id(user.ap_id), headers)
    end
  end

  def signed_date, do: signed_date(NaiveDateTime.utc_now())

  def signed_date(%NaiveDateTime{} = date) do
    Timex.lformat!(date, "{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT", "en")
  end
end
switch to pleroma/http_signatures library 2019-05-14 20:03:13 +00:00			`# Pleroma: A lightweight social networking server`
Bump Copyright to 2021 grep -rl '# Copyright © .* Pleroma' * \| xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;' 2021-01-13 06:49:20 +00:00			`# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>`
switch to pleroma/http_signatures library 2019-05-14 20:03:13 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

			`defmodule Pleroma.Signature do`
			`@behaviour HTTPSignatures.Adapter`

			`alias Pleroma.User`
adjust logic to use relation :signing_key 2024-06-27 04:06:27 +00:00			`alias Pleroma.User.SigningKey`
Fix about a million tests 2024-06-30 03:25:55 +00:00			`require Logger`
fix resolution of GTS user keys 2022-07-18 14:21:27 +00:00
signature: make key_id_to_actor_id() public 2019-07-18 15:35:42 +00:00			`def key_id_to_actor_id(key_id) do`
adjust logic to use relation :signing_key 2024-06-27 04:06:27 +00:00			`case SigningKey.key_id_to_ap_id(key_id) do`
			`nil ->`
Fix about a million tests 2024-06-30 03:25:55 +00:00			`# hm, we SHOULD have gotten this in the pipeline before we hit here!`
			`Logger.error("Could not figure out who owns the key #{key_id}")`
			`{:error, :key_owner_not_found}`
Signature: Handle non-ap ids in key ids. Mastodon and Gab sometimes send the format `acct:name@server`. 2020-05-01 13:54:38 +00:00
adjust logic to use relation :signing_key 2024-06-27 04:06:27 +00:00			`key ->`
			`{:ok, key}`
Signature: Handle non-ap ids in key ids. Mastodon and Gab sometimes send the format `acct:name@server`. 2020-05-01 13:54:38 +00:00			`end`
http signatures: derive actor ID from key ID. Almost all AP servers return their key ID as the actor URI with #main-key added. Hubzilla, which doesn't, uses a URL which refers to the actor anyway, so worst case, Hubzilla users get refetched. 2019-07-17 19:18:19 +00:00			`end`
switch to pleroma/http_signatures library 2019-05-14 20:03:13 +00:00
			`def fetch_public_key(conn) do`
http signatures: derive actor ID from key ID. Almost all AP servers return their key ID as the actor URI with #main-key added. Hubzilla, which doesn't, uses a URL which refers to the actor anyway, so worst case, Hubzilla users get refetched. 2019-07-17 19:18:19 +00:00			`with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),`
Fix about a million tests 2024-06-30 03:25:55 +00:00			`{:ok, %SigningKey{}} <- SigningKey.get_or_fetch_by_key_id(kid),`
Signature: Handle non-ap ids in key ids. Mastodon and Gab sometimes send the format `acct:name@server`. 2020-05-01 13:54:38 +00:00			`{:ok, actor_id} <- key_id_to_actor_id(kid),`
Remove FedSockets Current FedSocket implementation has a bunch of problems. It doesn't have proper error handling (in case of an error the server just doesn't respond until the connection is closed, while the client doesn't match any error messages and just assumes there has been an error after 15s) and the code is full of bad descisions (see: fetch registry which uses uuids for no reason and waits for a response by recursively querying a ets table until the value changes, or double JSON encoding). Sometime ago I almost completed rewriting fedsockets from scrach to adress these issues. However, while doing so, I realized that fedsockets are just too overkill for what they were trying to accomplish, which is reduce the overhead of federation by not signing every message. This could be done without reimplementing failure states and endpoint logic we already have with HTTP by, for example, using TLS cert auth, or switching to a more performant signature algorithm. I opened https://git.pleroma.social/pleroma/pleroma/-/issues/2262 for further discussion on alternatives to fedsockets. From discussions I had with other Pleroma developers it seems like they would approve the descision to remove them as well, therefore I am submitting this patch. 2020-11-17 14:28:30 +00:00			`{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do`
switch to pleroma/http_signatures library 2019-05-14 20:03:13 +00:00			`{:ok, public_key}`
			`else`
			`e ->`
			`{:error, e}`
			`end`
			`end`

			`def refetch_public_key(conn) do`
http signatures: derive actor ID from key ID. Almost all AP servers return their key ID as the actor URI with #main-key added. Hubzilla, which doesn't, uses a URL which refers to the actor anyway, so worst case, Hubzilla users get refetched. 2019-07-17 19:18:19 +00:00			`with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),`
Fix about a million tests 2024-06-30 03:25:55 +00:00			`{:ok, %SigningKey{}} <- SigningKey.get_or_fetch_by_key_id(kid),`
Signature: Handle non-ap ids in key ids. Mastodon and Gab sometimes send the format `acct:name@server`. 2020-05-01 13:54:38 +00:00			`{:ok, actor_id} <- key_id_to_actor_id(kid),`
Remove FedSockets Current FedSocket implementation has a bunch of problems. It doesn't have proper error handling (in case of an error the server just doesn't respond until the connection is closed, while the client doesn't match any error messages and just assumes there has been an error after 15s) and the code is full of bad descisions (see: fetch registry which uses uuids for no reason and waits for a response by recursively querying a ets table until the value changes, or double JSON encoding). Sometime ago I almost completed rewriting fedsockets from scrach to adress these issues. However, while doing so, I realized that fedsockets are just too overkill for what they were trying to accomplish, which is reduce the overhead of federation by not signing every message. This could be done without reimplementing failure states and endpoint logic we already have with HTTP by, for example, using TLS cert auth, or switching to a more performant signature algorithm. I opened https://git.pleroma.social/pleroma/pleroma/-/issues/2262 for further discussion on alternatives to fedsockets. From discussions I had with other Pleroma developers it seems like they would approve the descision to remove them as well, therefore I am submitting this patch. 2020-11-17 14:28:30 +00:00			`{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do`
switch to pleroma/http_signatures library 2019-05-14 20:03:13 +00:00			`{:ok, public_key}`
			`else`
			`e ->`
			`{:error, e}`
			`end`
			`end`

adjust logic to use relation :signing_key 2024-06-27 04:06:27 +00:00			`def sign(%User{} = user, headers) do`
			`with {:ok, private_key} <- SigningKey.private_key(user) do`
standardise local key id generation 2024-10-30 12:44:01 +00:00			`HTTPSignatures.sign(private_key, SigningKey.local_key_id(user.ap_id), headers)`
switch to pleroma/http_signatures library 2019-05-14 20:03:13 +00:00			`end`
			`end`
fix /inbox for Relay 2019-08-22 19:39:06 +00:00
			`def signed_date, do: signed_date(NaiveDateTime.utc_now())`

			`def signed_date(%NaiveDateTime{} = date) do`
Fix invalid Date HTTP header when signing fetch requests https://akkoma.dev/AkkomaGang/akkoma/issues/503 2023-08-07 12:39:59 +00:00			`Timex.lformat!(date, "{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT", "en")`
fix /inbox for Relay 2019-08-22 19:39:06 +00:00			`end`
switch to pleroma/http_signatures library 2019-05-14 20:03:13 +00:00			`end`